This is a strange commitment to pricacy. Not that there’s a technical barrier to employees accessing data, but something along the lines of “we wrote up a rule in the company wiki, so we trust that employees won’t violate it”
Yeah, I would have much hear “we have tight access control, logs, and auditing, and can’t access it ourselves without an automated email sent to you.” Right now it sounds even worse than saying nothing at all as it almost implies their are now ACLs
We did write something very similar: “Mighty does three things to protect your data: your data lives on our secure servers that are audited by 3rd party security firms, it has tight control in terms of who can access it, access is heavily audited and logged, and your most sensitive data is also encrypted.”
Can we do better? Sure and we will. I am really committed to that as a security conscious person.
I can't help but ask: As a security conscious person, how can you justify creating the service? You'll have the data and access of everything your customer does online, which for your target audience is everything your customer does on a computer. For the individual customer this is worse than Google, Facebook, Twitter combined. Also, you'll have an effective backdoor into every two-factor authentication, be it online banking, valuable Twitter accounts or AWS admins. There are massive monetary and political incentives to hack or infiltrate your service. Given your scale, you can't have comparable security measures to the big players. And given your location (US) you'll eventually receive national security letters forcing you to secretly sip off anything secret services or law enforcement wants you to.
You can put as many technical barriers in place as you want, eventually you do have to trust your employees. Sure, you could store everything client-side (or have a local encryption key), but most people don't actually want that - they want to be able to access their history from any computer they're at, they want the ability to forget/reset their password, etc. and so you're back at the company holding the secrets, and the employees need to be trusted.
Of course you'd hope for access control/encryption/etc. as well as it being prohibited, but this is standard across just about any industry. Somebody has access, and they're trusted not to use it.
This is a strange commitment to pricacy. Not that there’s a technical barrier to employees accessing data, but something along the lines of “we wrote up a rule in the company wiki, so we trust that employees won’t violate it”